Password Protect users_add.asp SQL Injection

2004-08-30T18:26:26
ID OSVDB:9375
Type osvdb
Reporter Criolabs Staff(security@criolabs.net)
Modified 2004-08-30T18:26:26

Description

Vulnerability Description

Password Protect contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that user input supplied to the users_add.asp script which will allow an attacker to inject or manipulate SQL queries.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Password Protect contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that user input supplied to the users_add.asp script which will allow an attacker to inject or manipulate SQL queries.

References:

Vendor URL: http://www.webanimations.com.au/ Vendor URL: http://www.webanimations.com.au/shop/Scripts/prodView.asp?idproduct=16 Security Tracker: 1011093 Secunia Advisory ID:12407 Related OSVDB ID: 9371 Related OSVDB ID: 9373 Related OSVDB ID: 9369 Related OSVDB ID: 9374 Related OSVDB ID: 9370 Related OSVDB ID: 9372 Related OSVDB ID: 9376 Related OSVDB ID: 9377 Other Advisory URL: http://www.criolabs.net/advisories/passprotect.txt Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-09/0017.html CVE-2004-1647